UbuntuUpdates.org

Package "sqlite3"

Name: sqlite3

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • LALR(1) Parser Generator for C or C++
  • SQLite 3 Tcl bindings

Latest version: 3.8.2-1ubuntu2.2
Release: trusty (14.04)
Level: updates
Repository: universe

Other versions of "sqlite3" in Trusty

Repository  Area      Version
base        universe  3.8.2-1ubuntu2
base        main      3.8.2-1ubuntu2
security    main      3.8.2-1ubuntu2.2
security    universe  3.8.2-1ubuntu2.2
updates     main      3.8.2-1ubuntu2.2

Changelog

Version: 3.8.2-1ubuntu2.2 2019-02-26 22:06:28 UTC

  sqlite3 (3.8.2-1ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Avoid segmentation fault while using a corrupted file.
    - d/p/0001-Fix-a-parsing-issue-associated-with-a-corrupt-sqlite.patch:
      Check if parser is busy before using it and raise an error if positive.
      (LP: #1814869)
    - d/p/0002-Better-error-message-text-when-the-schema-is-corrupt.patch:
      Better message and additional checks.
    - No CVE associated.

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 21 Feb 2019 17:13:40 +0100

Version: 3.8.2-1ubuntu2.1 2015-07-30 18:06:56 UTC

  sqlite3 (3.8.2-1ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: array overrun in the skip-scan optimization
    (LP: #1448758)
    - debian/patches/CVE-2013-7443.patch: make sure array is large enough
      in src/where.c, added test to test/skipscan1.test.
    - CVE-2013-7443
  * SECURITY UPDATE: improper dequoting of collation-sequence names
    - debian/patches/CVE-2015-3414.patch: handle dequoting in src/expr.c,
      src/parse.y, src/sqliteInt.h, src/where.c, added tests to
      test/collate1.test.
    - CVE-2015-3414
  * SECURITY UPDATE: improper large integers handling in printf function
    - debian/patches/CVE-2015-3416.patch: handle large integers in
      src/printf.c, added tests to test/printf.test.
    - CVE-2015-3416

 -- Marc Deslauriers Tue, 14 Jul 2015 13:26:04 -0400

1448758 memory corruption/crash in 64bit version of 3.8.2
CVE-2013-7443 SQLite array overrun in the skip-scan optimization
CVE-2015-3414 SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial
CVE-2015-3416 The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions


